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IN THE CLAIMS 

1 . (Currently Amended) An encoded set of processor based instructions on a 
computer readable storage medium that, when executed in a computer having the 
processor, cause the computer to oeefable-to perform a method of monitoring access to 
a protected database resource comprising: 

identifying an attempt to access the database resource, the access attempt being 
local and directed to an access gateway of the database resource; 

identifying a plurality of access paths to the protected database resource; 

intercepting the identified attempt to access the database resource, intercepting 
occurring in a prioritized manner with respect to receipt of the access attempt by the 
access gateway, intercepting further comprising: 

determining an IPC mechanism to be employed by a local client for 

accessing the DB resource , the IPC mechanism defined by a dynamic linked 

library (DLL); 

identifying a common access point for the access paths to the protected 
resource, access attempts occurring via the identified access point for the 
identified access paths , identifying including: 

replacing the determined DLL for database access with an interface 
wrapper, the interface wrapper for identifying the local agent as a 
[gsponsiy^ interface wrapper spoofs 

the database access gateway as the entity responsive to database access 
a Kemp,tg A .the inte S PC intercept for receiving 

database connection attempts prior to receipt by the database access 
gateway; and 

establishing, in response to the identified connection attempt, an 
event notification list responsive to database access attempts using the 
identified connection; 

establishing an IPC intercept from the common access point employed by 
database clients for accessing the DB resource by storing, in the event 
notification list, the local agent as the first entity to receive control from a 



U.S. Application No.: 10/780,407 Attorney Docket No.: GRD03-04 

-3- 

database access attempt via the identified connection, the event notification list 
operable to initiate handlers responsive to the event : and 

receiving the access attempt at the local agent via the IPC intercept prior 
to receipt of the access attempt by the access gateway; and 

transmitting, in a nondestructive manner, the intercepted access attempt 
to a local agent, the nondestructive manner operable to preserve the intercepted access 
attempt for successive receipt by the access gateway. 

2. (Original) The method of claim 1 wherein the access attempt is deterministic of a 
DB instruction, and the local agent is in communication with a data security device 
operable to analyze the propriety of the access attempt from objects and data values 
referenced by the DB instruction. 

3. (Original) The method of claim 1 wherein intercepting in a prioritized manner 
further comprises: 

receiving the access attempt into an interception register prior to receipt 
by the access gateway; 

invoking a prioritized request to activate a reading operation of the 
interception register, invoking occurring prior to activation of a read operation of the 
access attempt on behalf of the access gateway; and 

reading the access attempt from the interception register, the interception 
register subsequently appearing undisturbed to the access gateway. 

4. (Original) The method of claim 1 further comprising, prior to identifying the 
access attempt, establishing an IPC intercept operable to receive IPC communications 
directed to the access gateway prior to receipt of the IPC communication by the access 
gateway. 

5. (Original) The method of claim 1 wherein identifying the access attempt further 
comprises listening, at a common access point, for an incoming connection to the 
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database resource, the common access point adapted to aggregate access attempts to 
the database resource from a plurality of access mediums. 

6. (Original) The method of claim 2 wherein transmitting further comprises rerouting 
the intercepted access attempts to the data security device, the data security device 
operable to offload data security decisions as a consolidated appliance, the offloaded 
data security decisions relieving the host from processing the data security decisions. 

7. (Original) The method of claim 1 wherein the local agent performs rerouting of 
local access attempts in a lightweight manner such that the data security device is 
operable to receive local and remote access attempts, wherein security coverage of the 
DB server for network and local access attempts occur via a common appliance. 

8. (Original) The method of claim 1 wherein intercepting further comprises: 

receiving, from a notification object responsive to an event handler, an 
indication of an IPC communication indicative of a DB access attempt; 

identifying an instruction register in a shared memory area, the instruction 
register having a database instruction corresponding to the access attempt; 

retrieving the DB instruction from the identified instruction register; and 

transmitting the retrieved DB instruction to the data security device. 

Claims 9-10. (Canceled) 

1 1 . (Original) The method of claim 1 further comprising: 

establishing an interface wrapper between the access gateway and the local 
client, the interface wrapper operable to identify an IPC mechanism adapted to transport 
communications between the access gateway and the local client; and 

modifying the identified IPC mechanism to inform the local agent of the 
communications between the access gateway and the local client prior to informing the 
access gateway of the communication. 
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12. (Original) The method of claim 1 1 wherein the IPC mechanism is a shared 
memory portion including a plurality of instruction registers, the instruction registers 
operable to buffer a DB instruction for receipt by the access gateway. 

13. (Previously Presented) The method of claim 1 wherein the local agent is a 
lightweight agent operable to intercept the access attempt and transmit the intercepted 
DB instruction to a data security device, the local agent avoiding analyzing the access 
attempt on a DB host supporting the DB server. 

14. (Previously Presented) The method of claim 1 wherein intercepting further 
comprises 

blocking the intercepted access attempt from receipt by the access gateway, and 
selectively unblocking the access attempt depending on a data security decision 
indicative of the propriety of the access attempt. 

15. (Original) The method of claim 14 further comprising: 

computing the data security decision at the data security device; and 
transmitting the data security decision to the local agent, the local agent 
operable to permit receipt of the access attempt by the DB server. 

16. (Original) The method of claim 1 5 wherein the data security decision further 
comprises: selectively logging and blocking the access attempt, the data security 
decision including processing selected from the group consisting of firewalls, filters, 
intrusion detectors, alarms, alerts, tunneling and passwords. 

1 7. (Original) The method of claim 1 1 wherein establishing the interface wrapper 
further comprises: 

identifying an event corresponding to a communication via the IPC 

mechanism; 
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identifying a local event object corresponding to the event, the local event 
object having a notification list adapted to include registrants of an occurrence of the 
event; and 

registering the local agent in the notification list, the local agent registered 
before the access gateway to receive notifications prior to receipt of the notification by 
the registered access gateway. 

18. (Currently Amended) An encoded set of processor based instructions on a 
computer readable storage medium that, when executed in a computer having the 
processor, cause the computer to perform a method for controlling local access to a 
database comprising: 

identifying a local access gateway to the database, the access gateway 
being a common access point into the database; 

establishing an interception wrapper between a local client and the access 
gateway, establishing the interception wrapper further comprising: 

identifying, at least one interprocess communication operation, each of 
the identified IPC operation corresponding to an event, the event derived from a 
database (DB) instruction, the IPC operation defined by a dynamic linked library 
(DLL) : 

replacing the determined DLL for database access with an interface 
wrapper, the int erface wrap^ as a 

responsive entity fo r database calls suc h that the interface wrapper spoofs 
the database access gateway as the entity responsive to database access 
attempts, the interface wrapper thus defining an IPC intercept for receiving 
database connection attempts prior to receipt by the database access 
gateway; and 

establishing, in response to the identified connection attempt, an 
event notification list responsjyejo database access attempts using the 
identified connection; 



U.S. Application No.: 10/780,407 Attorney Docket No.: GRD03-04 

-7- 

instantiating a local event object corresponding to the event, the 
local event object having a notification list indicative of notifications of an 
object to be made upon an occurrence of the event; and 

storing, in the event notification list, the local agent as the first entity 
to receive control from a database access attempt via the identified 
connection, the ev ent notifica tion list operable to initiate handlers 
responsiv e to the event storing, in a f i rst pos i t i on i n t h e notific a tion list, an 

not i f i cat i on upon an occurrence of the event, pr i or to other not ifications in 
th e not i f i cat i on l ist ; 

intercepting, via the interception wrapper, an access attempt from a local 
client prior to receipt of the access attempt by the access gateway, the access attempt 
indicative of a pending DB instruction in an IPC buffer; 

identifying thea local event object corresponding to the access attempt; 

indexing thea notification list corresponding to the identified local event 

object; 

traversing the indexed notification list, the notification list including entries 
of notifications to be performed upon occurrence of the event; 

reading a traversed entry corresponding to the local agent, the entry 
indicative of the location of the local agent; 

notifying the local agent using the read location of the local agent; 

retrieving, in response to the notification, the DB instruction from the IPC 

buffer; 

transmitting the retrieved DB instruction from the IPC buffer to a data 
security device operable to analyze the propriety of the DB instruction; 

reading a successive traversed entry corresponding to the access gateway, the 
entry indicative of the location of the access gateway; and 

notifying, after the notifying of the local agent, the access gateway of the 
IPC event occurrence using the read location of the access gateway. 
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19. (Previously Presented) The method of claim 18 wherein establishing the 
interception wrapper further comprises: 

storing, in a successive position in the notification list, an indication of the access 
gateway, the access gateway operable to employ the IPC event for database 
instructions. 

20. (Original) The method of claim 1 8 wherein the interception wrapper is operable to 
receive interprocess communication signaling between the local client and the access 
gateway, and intercepting further comprises: 

receiving, by the interception wrapper, a signaling message to the access 
gateway; 

processing the signaling message to identify an DB instruction in the register; 

and 

passing the signaling message in a nondestructive manner to the access 
gateway. 

21 . (Currently Amended) A local agent comprising a computer readable storage 
medium havl!igepefable-te--s^0fe an encoded set of processor based instructions that, 
when executed by a processor responsive to the instructions, performs steps for 
monitoring access to a protected database resource comprising: 

an interface operable to identify an attempt to access the database resource, the 
access attempt being local and directed to an access gateway of the database 
resource, the access attempt being deterministic of a DB instruction, the local agent 
being in communication with a data security device operable to analyze the propriety of 
the access attempt from objects and data values referenced by the DB instruction; 

an IPC intercept operable to intercept the identified attempt to access the 
database resource, the IPC interce pt de fined by.a.dynamic linked library (DLL), 

identifying including replacing the determined DLL for database access 

with an interface wrapper, the interface wrapper for identifying the local agent as 
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a responsive entity for database calis such that the interface wrapper spoofs the 
database access gateway as the eotjty.responsive to database access attempts, 
the interface wrapper thus defining an IPC intercept for receiving database 
connection attempts prior to receipt by the database access gateway; 

intercepting occurring in a prioritized manner with respect to receipt of the 
access attempt by the access gateway, the prioritized manner including: 

establishing, in response to the i dentified connection attempt, an 

event notification list responsive to database access attempts using the 

identified connection: and 

storing, in the event notification list, the local a gent as the first entity 

to receive control from a database access attempt via the identified 

connection, the event notification list operable to initiate handlers 

responsive to the event; 

the local agent further operable to transmit, in a nondestructive manner, 
the intercepted access attempt to a data security device, the nondestructive 
manner operable to preserve the intercepted access attempt for successive 
receipt by the access gateway, the local agent further operable to reroute the 
intercepted access attempts to the data security device, the data security device 
operable to offload data security decisions as a consolidated appliance, the 
offloaded data security decisions relieving the host from processing the data 
security decisions. 



22. (Canceled) 



23. (Original) The agent of claim 21 wherein the local agent is operable to intercept 
in a prioritized manner, and further operable to: 

receive the access attempt into an interception register prior to receipt by 
the access gateway; 
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invoke a prioritized request to activate a reading operation of the 
interception register, invoking occurring prior to activation of a read operation of the 
access attempt on behalf of the access gateway; and 

read the access attempt from the interception register, the interception 
register subsequently appearing undisturbed to the access gateway. 

24. (Original) The agent of claim 21 wherein the local agent is operable to, prior to 
identifying the access attempt, establish the IPC intercept operable to receive an IPC 
communication directed to the access gateway prior to receipt of the IPC 
communication by the access gateway. 

25. (Original) The agent of claim 21 wherein the local agent is further operable to 
listen, at a common access point, for an incoming connection to the database resource, 
the common access point adapted to aggregate access attempts to the database 
resource from a plurality of access mediums. 

26. (Canceled) 

27. (Previously Presented) The agent of claim 21 wherein the local agent is 
operable to reroute local access attempts in a lightweight manner such that the data 
security device is operable to receive local and remote access attempts, wherein 
security coverage of the DB server for network and local access attempts occur via a 
common appliance. 

28. (Original) The agent of claim 21 wherein the local agent is further operable to: 

receive, from a notification object responsive to an event handler, an 
indication of an IPC communication indicative of a DB access attempt; 

identify an instruction register in a shared memory area, the instruction 
register having a database instruction corresponding to the access attempt; 

retrieve the DB instruction from the identified instruction register; and 
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transmit the retrieved DB instruction to the data security device. 



29. (Original) The agent of claim 21 wherein the local agent is further operable to: 

determine an IPC mechanism to be employed by a local client for 
accessing the DB resource; 

establish an IPC intercept from a common access point employed by 
database clients for accessing the DB resource; and 

receive the access attempt at the local agent via the IPC intercept prior to 
receipt of the access attempt by the access gateway. 

30. (Original) The agent of claim 29 wherein the local agent is further operable to: 
identify a plurality of access paths to a protected resource; 

identify a common access point for the access paths to the protected resource, 
access attempts occurring exclusively via the identified access point for the identified 
access paths. 

31 . (Original) The agent of claim 21 wherein the local agent is further operable to: 
establish an interface wrapper between the access gateway and the local client, 

the interface wrapper operable to identify an IPC mechanism adapted to transport 
communications between the access gateway and the local client; and 

modify the identified IPC mechanism to inform the local agent of the 
communications between the access gateway and the local client prior to informing the 
access gateway of the communication. 

32. (Original) The agent of claim 31 wherein the IPC mechanism is a shared memory 
portion including a plurality of instruction registers, the instruction registers operable to 
buffer a DB instruction for receipt by the access gateway. 

33. (Previously Presented) The agent of claim 21 wherein the local agent is a 
lightweight agent operable to intercept the access attempt and transmit the intercepted 
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DB instruction to a data security device, the local agent avoiding analyzing the access 
attempt on a DB host supporting the DB server. 

34. (Previously Presented) The agent of claim 21 wherein the local agent is further 
operable to: 

block the intercepted access attempt from receipt by the access gateway, and 
selectively unblock the access attempt depending on a data security decision indicative 
of the propriety of the access attempt. 

35. (Original) The agent of claim 34 wherein the local agent is responsive to the data 
security device for: 

computing the data security decision at the data security device; and 
transmitting the data security decision to the local agent, the local agent 
operable to permit receipt of the access attempt by the DB server. 

36. (Original) The agent of claim 35 wherein the data security device is operable to 
selectively log and block the access attempt, the data security decision including 
processing selected from the group consisting of firewalls, filters, intrusion detectors, 
alarms, alerts, tunneling and passwords. 

37. (Original) The agent of claim 24 wherein the local agent is further operable to: 
identify an event corresponding to the communication via an IPC mechanism; 
identify a local event object corresponding to the event, the local event object; 

having a notification list adapted to include registrants of an occurrence of the event; 
and 

register the local agent in the notification list, the local agent registered before the 
access gateway to receive notifications prior to receipt of the notification by the 
registered access gateway. 
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38. (Currently Amended) A data security device for monitoring access to a protected 
database resource comprising: 

a memory comprising a computer readable storage medium operable to store an 
encoded set of processor based instructions performable by a local agent ; 
a processor operable to execute the instructions in the memory; 
an interface operable for interconnection with a database host, the data security 
device in communication with thea local agent on the database host, the local agent 
responsive to the instructions -oeefable to: 

identify an attempt to access the database resource, the access attempt 
being local and directed to an access gateway of the database resource via an 
IPC mechanism defined by a dynamic linked library (DLL) ; 

intercept the identified attempt to access the database resource, 
intercepting occurring in a prioritized manner with respect to receipt of the access 
attempt by the access gateway, intercepting further comprising: 

replacing the determined DLL for database access with an interface 
wrapper, the interf ace wrappe r for identifying the local agent as a 
responsive entity for database calls such that the interface wrapper spoofs 
the database access gateway as the entity res ponsive to database access 
attempts, jh_^ for receiving 

database connection attempts prior to receipt by the database access 
gateway: 

identifying, at least one interprocess communication operation, 
each of the identified IPC operation corresponding to an event, the event 
derived from a database (DB) instruction; 

establishing, in response to the identified connection attempt, an 
event notification list responsive Jg database access attempts using the 
identified connection; 

instantiating a local event object corresponding to the event, the 
local event object having a notification list indicative of notifications of an 
object to be made upon an occurrence of the event; and 
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storing, in the event notification list, the local agent as the first entity 
to receive control from a database access attempt via the identified 
connection, the event notification list operable to initiate handlers 
responsive to the event stor i ng, in a f i rst pos i t i on i n the no t tf 4 GatiQn --l4 st -- , --a n 
i nd i cat i on - of - ^ 

not i f i cat i on upon an occurrence of the o v o nt ; pr i or to other not ifica t ions in 
th e no t ific a tion li s t; and 

transmit, in a nondestructive manner, the intercepted access attempt to a 
local agent, the nondestructive manner operable to preserve the intercepted 
access attempt for successive receipt by the access gateway. 

39. (Currently Amended) A computer program product having a computer readable 
storage medium operable to store computer program logic embodied in computer 
program code encoded as a set or processor based instructions thereon fo r, when 
executed by a processor in a computer, perform steps for monitoring access to a 
protected database resource comprising: 

computer program code for identifying an attempt to access the database 
resource, the access attempt being local and directed to an access gateway of the 
database resource; 

computer program code for intercepting the identified attempt to access the 
database resource, intercepting occurring in a prioritized manner with respect to receipt 
of the access attempt by the access gateway, computer program code for intercepting 
further comprising: 

computer program code for determining an IPC mechanism to be 

employed by a local client for accessing the DB resource , the IPC mechanism 

defined by a dynamic linked library (DLLj ; 

computer program code for identifying a common access point for the 

access paths to the protected resource, access attempts occurring via the 

identified access point for the identified access paths , identifying including: 
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repiacinq the determined DLL for database access with an interface 
wrapper, the interface wrapper for identifying the local agent as a 
responsive entity for database calls such that the interface wrapper spoofs 
the database access gateway as the entity responsive to database access 
attempts, the interface wrapper thus defining an [PC intercept for receiving 
database connectio n attempt s prior to receipt by the database access 
gateway: and 

establishing, in response to the identified connection attempt, an 
event notification list responsive to data base access attempts using the 
identified connection: 

computer program code for establishing an IPC intercept from the 
common access point employed by database clients for accessing the DB 
resource b y storing, in the event notification list, the local agent as the first entity 
to receive control from a database access attempt via the identified connection. 
the event notification list operable to initiate handlers responsive to the event : 
and 

receiving the access attempt at the local agent via the IPC intercept prior 
to receipt of the access attempt by the access gateway; and 

computer program code for transmitting, in a nondestructive manner, the 
intercepted access attempt to a local agent, the nondestructive manner operable to 
preserve the intercepted access attempt for successive receipt by the access gateway. 

40. (Canceled) 

41. (Canceled) 

42. (Currently Amended) An encoded set of processor based instructions on a 

computer readable storage medium that, ...when, executed by a processor responsive to 
the instructions, o p e r - ab le- fo perform a method of monitoring access to a protected 
database resource comprising: 
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identifying an attempt to access the database resource, the access attempt being 
local and directed to an access gateway of the database resource, identifying the 
access attempt further comprising listening, at a common access point, for an incoming 
connection to the database resource, the common access point adapted to aggregate 
access attempts to the database resource from a plurality of access mediums; 

intercepting the identified attempt to access the database resource, intercepting 
occurring in a prioritized manner with respect to receipt of the access attempt by the 
access gateway, intercepting further comprising: 

determining an IPC mechanism to be employed by a local client for 

accessing the DB resource, the iPC mechanism defined b y a dynamic linked 

library (DLL) ; 

identifying a common access point for the access paths to the protected 
resource, access attempts occurring via the identified access point for the 
identified access paths, identifying inciudina: 

replacing the determined DLL for database access with an interface 
wrapper, the interf ace wrappe r for identifying the local agent as a 
responsive entity for database calls such that the interface wrapper spoofs 
the database access gateway as the entity res ponsive to database access 
attempts, jhe .interface wrapper th for receiving 

database connection attempts prior to receipt by the database access 
gateway; and 

establishin g, in response to t he identified connection attempt, an 
event notification list responsive to database access attempts using the 
identified connection, the access attempt being deterministic of a DB 
instruction, such thata n4 the local agent is in communication with a data 
security device operable to analyze the propriety of the access attempt 
from objects and data values referenced by the DB instruction; 
establishing an IPC intercept from the common access point employed by 
database clients for accessing the DB resource by storing, in the event 
notification list, the ioca! agent as the first entity to receive control from a 
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database access attempt via the identified connection, the event notification list 

operable to initiate handlers responsive to the event : and 

intercepting the access attempt at the local agent via the IPC intercept 

prior to receipt of the access attempt by the access gateway; and 

receiving, in a nondestructive manner, the intercepted access attempt by a local 
agent, the nondestructive manner operable to preserve the intercepted access attempt 
for successive receipt by the access gateway, transmitting further comprising rerouting 
the intercepted access attempts to the data security device, the data security device 
operable to offload data security decisions as a consolidated appliance, the offloaded 
data security decisions relieving the host from processing the data security decisions. 

43. (Previously Presented) The method of claim 42 wherein intercepting the 
access attempt further comprises: 

identifying, at least one interprocess communication operation, each of the 
identified IPC operation corresponding to an event, the event derived from a database 
(DB) instruction; 

instantiating a local event object corresponding to the event, the local event 
object having a notification list indicative of notifications of an object to be made upon 
an occurrence of the event; and 

storing, in a first position in the notification list, an indication of the local agent, 
the first position operable to provide the first notification upon an occurrence of the 
event, prior to other notifications in the notification list; and 

storing, in a successive position in the notification list, an indication of the access 
gateway, the access gateway operable to employ the IPC event for database 
instructions. 

44. (New) In a network security environment, a method of redirecting message traffic 
under scrutiny to a data security device via an interprocess communication (IPC) 
intercept, comprising: 
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determining a dynamic linked library (DLL) responsive to database access 
requests for transferring control to a database access gateway; 

replacing the determined DLL for database access with an interface wrapper, the 
interface wrapper for identifying the local agent as a responsive entity for database calls 
such that the interface wrapper spoofs the database access gateway as the entity 
responsive to database access attempts, the interface wrapper thus defining an IPC 
intercept for receiving database connection attempts prior to receipt by the database 
access gateway; 

identifying an attempt to connect to the database; 

establishing, in response to the identified connection attempt, an event 
notification list responsive to database access attempts using the identified connection; 

storing, in the event notification list, the local agent as the first entity to receive 
control from a database access attempt via the identified connection, the event 
notification list operable to initiate handlers responsive to the event; 

identifying an event corresponding to a database access attempt via the 
identified connection; 

storing the database access attempt in an instruction register in shared memory 
operable to receive pending database requests; 

publishing the event corresponding to the database access attempt, publishing 
causing invocation according to the event notification list; and 

invoking the local agent responsive to the event notification list, the invoking 
causing the local agent to copy the database access attempt from the shared memory 
and forward the database access attempt to the data security device for processing and 
logging as a database access. 

45. (New) The method of claim 44 further comprising 

establishing the database access gateway as a successive entry in the 
notification list; 

generating a second notification responsive to the database access attempt 
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invoking, as a successive entry in the event notification list, the database access 
gateway, thus permitting the database access attempt to continue unmodified. 



